VoxYZ

OpenClaw Security Checklist

13.4% of skills on ClawHub have critical security issues. Here's how to protect your agents in 20 minutes.

  • Attack surface: 13.4% of all 3,984 skills scanned on ClawHub by Snyk.
  • Time to harden: 20 min, enough to remove the easiest paths to host compromise.
  • Ops habit: nightly. A short automated audit catches drift before it stacks up.

Section 2

Quick Check

Five fixes. No backend. Local state only. Finish the base layer, then move to the advanced scans.


Step 1

Run security audit

Start with a deep scan and read the critical findings before you touch anything else.

Why it matters

You need a current baseline. Critical issues should be treated as active exposure, not backlog.

  • Look at both `critical` and `warn`, but treat `critical` as stop-the-line work.
  • Save the output somewhere durable so you can compare tomorrow’s run against today’s baseline.
  • If a skill looks suspicious, remove it before adding new permissions or credentials.
CLI

    openclaw security audit --deep

Step 2

Move secrets out of config

Take API keys and tokens out of `openclaw.json` and move them into a local secrets file.

Why it matters

Plaintext credentials in config are the easiest thing for a malicious skill to read and exfiltrate.

Step 3

Disable elevated exec

Turn off the direct path from chat to high-privilege host execution unless you truly need it.

Why it matters

Elevated execution turns prompt mistakes and malicious skills into host-level incidents much faster.

Step 4

Enable sandbox for non-main sessions

Keep the main session flexible, but force sub-agents into a sandbox by default.

Why it matters

Most risky automation and skill experimentation happens in side sessions. That is where isolation should start.

Step 5

Set up nightly audit

Automate the deep audit so regressions are caught before they pile up.

Why it matters

Security drifts quietly: new skills, config changes, and copied secrets tend to appear while you are not paying attention.
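As an added example (not code from the page or from the OpenClaw project), a POSIX shell script that turns Steps 1 and 5 into one nightly job: it runs the page's `openclaw security audit --deep`, keeps a dated copy of every report, records the first run as the baseline, prints findings that were not in the baseline, and exits non-zero when critical findings remain so a scheduler can alert. It assumes the audit prints one finding per line tagged `[critical]` or `[warn]` (an assumption about the output format) and uses a constructed default report directory.

```shell
#!/bin/sh
# Added example, not code from the page or the OpenClaw project.
# ASSUMPTION: the audit prints one finding per line, tagged like
# "[critical] ..." or "[warn] ..."; adjust the pattern to the real output.
set -eu

AUDIT_DIR="${AUDIT_DIR:-$HOME/.openclaw-audits}"   # report store (constructed default)

# count_findings LEVEL FILE: number of findings tagged LEVEL (critical|warn)
count_findings() {
    grep -ic "^\[$1\]" "$2" || true   # grep -c exits 1 on zero matches; keep the printed 0
}

# new_findings BASELINE CURRENT: lines in CURRENT that are not in BASELINE (drift)
new_findings() {
    grep -vxF -f "$1" "$2" || true
}

# audit_status FILE: 2 = critical findings (stop-the-line), 1 = warnings only, 0 = clean
audit_status() {
    if [ "$(count_findings critical "$1")" -gt 0 ]; then return 2; fi
    if [ "$(count_findings warn "$1")" -gt 0 ]; then return 1; fi
    return 0
}

# run_nightly: capture today's deep audit and compare it against the stored baseline
run_nightly() {
    mkdir -p "$AUDIT_DIR"
    today="$AUDIT_DIR/$(date +%F).txt"
    baseline="$AUDIT_DIR/baseline.txt"
    # keep the report even if the tool exits non-zero because it found issues
    openclaw security audit --deep > "$today" 2>&1 || true
    [ -f "$baseline" ] || cp "$today" "$baseline"   # first run establishes the baseline
    drift=$(new_findings "$baseline" "$today")
    if [ -n "$drift" ]; then
        printf 'New findings since baseline:\n%s\n' "$drift"
    fi
    audit_status "$today"   # non-zero exit lets cron (or any scheduler) alert on regressions
}

# Schedule from cron, e.g. (constructed example line): 0 3 * * * $HOME/bin/openclaw-nightly.sh run
if [ "${1:-}" = run ]; then run_nightly; fi
```

Once the baseline is clean, review the drift output every morning and refresh `baseline.txt` only after you have consciously accepted a new finding.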

Section 3

Threat Landscape

The problem is not theoretical. The ecosystem already contains prompt-injected skills, hardcoded secrets, and large-volume malicious uploads.

  • Skills scanned: 3,984 (Snyk)
  • Critical issues (at least one critical issue): 534 · 13.4% (Snyk)
  • Any security flaw (any reported security issue): 1,467 · 36.8% (Snyk)
  • Malicious skills using prompt injection: 91% of malicious samples (Snyk)
  • Skills with hardcoded secrets (credentials exposed directly in skill packages): 10.9% (Snyk)
  • Single-author malicious skill wave: 314 skills · hightower6eu (community report)

What this means operationally

Do not assume the skill directory is clean by default. Treat installs like package intake: verify source, inspect code, then run inside the smallest permission envelope available.

"It’s your personal assistant, not a bus. Treat the security surface accordingly."

steipete, OpenClaw creator, on why isolation defaults matter

Section 4

My Setup

This is the before/after shape of our own OpenClaw hardening pass. It is simple on purpose: fewer obvious openings, fewer surprises in the audit.

Real operator config

Metric              Before   After
Critical            1        0
Warn                5        1
Plaintext secrets   Yes      No
Elevated exec       On       Off
Sandbox             Off      On (non-main)
Nightly audit       No       Yes

Section 6

Turn the checklist into a real operating habit

The checklist gets you out of the obvious danger zone. Ship Faster Pro is where the full operating playbook lives: hardening patterns, review loops, and the production path behind a live multi-agent setup.

  • Playbook depth: from first audit to production-safe operating patterns.
  • Real configurations: concrete settings, not generic "be careful" advice.
  • Ops cadence: nightly checks and repeatable review loops so the setup stays clean.
